VulnOSv2.7z

Welcome to another boot2root / CTF this one is called Gibson. The VM is set to grab a DHCP lease on boot. It doesn't matter what your local subnet is, as long as you keep away from the 192.168.122.0/24 subnet. You will see why soon enough...

Once again, I'll offer some hints to you:

SSH can forward X11.

The challenge isn't over with root. The flag is not where you expect to find it.

SHA1SUM: f4601f62b7011cc6ad403553cb8a9375e43cb0b5 gibson.ova

Many thanks to g0blin and GKNSB for testing this CTF.

Special thanks and shout-outs go to Barrebas and Rasta_Mouse. and g0tmi1k for more advice and offering to host my second CTF.

gibson.ova

Graceful’s VulnVM is web application running on a virtual machine, it’s designed to simulate a simple eCommerce style website which is purposely vulnerable to a number of well know security issues commonly seen in web applications. This is really a pre-release preview of the project but it’s certainly functional as it stands, but I’m planning on doing a lot of work on this in the near future.

The plan is ultimately to have the application vulnerable to a large number of issues with a selection of different filters at different difficulties that way the as testers become better at detecting and exploiting issues the application can get hardened against common exploitation methods to allow the testers a wider ranger of experiences.

The first filters have now been implemented! The application now supports “levels” where Level 1 includes no real filtration of user input and Level 2 includes a simple filter for each vulnerable function.

Currently it’s vulnerable to:

SQL Injection (Error-based)

SQL Injection (Blind)

Reflected Cross-Site Scripting

Stored Cross-Site Scripting

Insecure Direct-Object Reference

Username Enumeration

Path Traversal

Exposed phpinfo()

Exposed Administrative Interface

Weak Admin Credentials

Extracting the Virtual Machine

Install p7zip to unzip *.7z files on Fedora:

sudo dnf install p7zip

Install p7zip to unzip *.7z files on Debian and Ubuntu:

sudo apt-get install p7zip

Extract the archive:

7z x Seattle-0.0.3.7z

Then you can simply start up the virtual machine using Virtual Box! The root user account has a password of PASSWORD

DroopyCTF.ova

SkyDog Con CTF – The Legend Begins

Over but not forgotten.

Download Link
http://bit.ly/SkyDogConCTF

Instructions

The CTF is a virtual machine and works best in Virtual Box. This OVA was created using Virtual Box 4.3.32. Download the OVA file open up Virtual Box and then select File –> Import Appliance. Choose the OVA file from where you downloaded it. After importing the OVA file above it is best to disable the USB 2.0 setting before booting up the VM. The networking is setup for a NAT Network but you can change this before booting up depending on your networking setup. If you have any questions please send me a message on Twitter @jamesbower and I’ll be happy to help.

Goal of Sky Dog Con CTF

The purpose of this CTF is to find all six flags hidden throughout the server by hacking network and system services. This can be achieved without hacking the VM file itself.

Flags

The six flags are in the form of flag{MD5 Hash} such as flag{1a79a4d60de6718e8e5b326e338ae533

Simple CTF

Simple CTF is a boot2root that focuses on the basics of web based hacking. Once you load the VM, treat it as a machine you can see on the network, i.e. you don't have physical access to this machine. Therefore, tricks like editing the VM's BIOS or Grub configuration are not allowed. Only remote attacks are permitted. /root/flag.txt is your ultimate goal.

I suggest you use VirtualBox or VMWare Player with a Host Only adapter. The VM will assign itself an IP address through DHCP.

Fuku CTF

Fuku (pronounced "far queue") CTF is designed to fuck with people.

This is a boot2root. Import it in VirtualBox, using a Host Only adapter, or use an adapter that will assign it an IP address in the 192.168.56.0/24 range. It only likes having an IP address in that range.

Treat the box as if it was on the network. Don't try to do anything to it that you could only do with physical access, e.g. break into the BIOS or the Grub boot loader.

There are a few flag.txt files to grab. The final one is in the /root/ directory. However, the ultimate goal is to get a root shell.

Scenario

"Bull was pissed when you broke into his Minotaur box. He has taken precautions with another website that he is hosting, implementing IDS, whitelisting, and obfuscation techniques. He is now taunting hackers to try and hack him, believing himself to be safe. It is up to you to put him in his place."

Location

The VM is located at https://www.dropbox.com/s/e2x79z5ovqqsejg/Fuku.ova?dl=0 [File size: 2GB]

Hints

Some scripting will probably be needed to find a useful port.

If the machine seems to go down after a while, it probably hasn't. This CTF isn't called Fuku for nothing!

Minotaur CTF

Minotaur is a boot2root CTF. Once you load the VM, treat it as a machine you can see on the network, i.e. you don't have physical access to this machine. Therefore, tricks like editing the VM's BIOS or Grub configuration are not allowed. Only remote attacks are permitted.
There are a few flag.txt files around to grab. /root/flag.txt is your ultimate goal.

I suggest you use VirtualBox with a Host Only adapter to run Minotaur fairly painlessly.

The VM will assign itself a specific IP address (in the 192.168.56.0/24 range). Do not change this, as the CTF will not work properly without an IP address of 192.168.56.X.

If you load the .ova file in VirtualBox, you can see this machine from another VirtualBox machine with a "Host Only" network adapter.
You can see the machine from VMWare Workstation by:
- Going into Virtual Network Editor and changing the VMnet0 network to "Bridged to: VirtualBox Host-Only Ethernet Adapter".
- Setting your VMWare network adapter to Custom (VMnet0)
- If necessary, resetting your network adapter (e.g. ifdown eth0 && ifup eth0) so that you get a 192.168.56.0/24 address.

Location

The VM is located here: https://www.dropbox.com/s/zyxbampga87nqv3/minotaur_CTF_BNE0x00.ova?dl=0 [File size: 691MB]

Hints

This CTF has a couple of fairly heavy password cracking challenges, and some red herrings.

One password you will need is not on rockyou.txt or any other wordlist you may have out there. So you need to think of a way to generate it yourself.

SmashTheTux v1.0.1

by canyoupwn.me

Introduction to Application Vulnerabilities

For Educational Purposes

SmashTheTux is a new VM made by canyoupwn.me for those who wants to take a step into the world of binary exploitation.
This VM consists of 9 challenges, each introducing a different type of vulnerability.
SmashTheTux covers basic exploitation of the following weaknesses:

Walkthroughs

The links below are community submitted 'solutions' showing hints/nudges or possibly a complete walkthrough* of how they solved the puzzle.

Please note, there could be (many) more methods of completing this, they just haven't, either been discovered, or submitted. If you know something that isn't listed, please submit it or get in touch and we would be glad to add it.

* This is a spoiler. It could possibly show you a way of completely solving it.

Download Links

Here you can download the mentioned files using various methods.

We have listed the original source, from the author's page. However, after time these links 'break', for example: either the files are moved, they have reached their maximum bandwidth limit, or, their hosting/domain has expired.

For these reasons, we have been in touch with each author asking for permission to mirror the files. If the author has agreed, we have created mirrors. These are untouched copies of the listed files. (You can check for yourself via the MD5 & SHA1 checksums which are individually displayed on their entry page. See how here).

We also offer the download via BitTorrent. We prefer that people use BitTorrent, however, we do understand that it is not as straight forward as clicking on a direct link.

To make sure everyone using VulnHub has the best experience possible using the site, we have had to

limit the amount of simultaneous direct download files to two files, with a max speed of 3mb

.
This is because the average file size is currently about 700mb, which causes our bandwidth to be high (couple of terabytes each month!). As this is a privately funded project, we believe we have chosen the best hosting provider for the limited budget.

If would you like to be able to download a mass, and at quicker speed, please use torrents as these will be seeded 24/7. For a guide on how to setup and use torrents, see here.

If you're the owner of a listed file or believe that we are unlawfully distributing files without permission, please get in touch here.